[thelist] beefing up site security

[Sarah Adams]

>> I get an email from the site including details of the page request if
>> "illegal" user input is detected.
> 
> No offence but unless it is a very good system it might not be reliable.

Hence my desire to beef up security - I'm wondering if there are bad
requests that might be getting through. I think I've covered the usual
suspects, but I want to be sure.

> We had something like that on an old cms we used to use. Normal users
> could trigger it off. Even a bored kid messing around can set them off.

That's the reason for the email to notify me - so I can take a look and
determine if the request is valid but "wonky" or if it really is malicious.

> I would make sure your code is up to date and has no bugs. Are you using
> a CMS system or some other pre built system?

It's a system built by myself and my colleagues.

> Apart from that it is really down to your hosting provider to make sure
> the server is secure.  Mod-Security might help if you are using php.
> Again that is down to the server admin.

I've already notified them so they can take whatever steps necessary
(but I assume/hope they already have).

-- 
sarah adams
web developer & programmer
portfolio: http://sarah.designshift.com
blog: http://hardedge.ca